Merge "Revert "Compile sepolicy on-device at early boot.""

am: 58929b0447

Change-Id: Iebc03e89240bfa77401ede8699196063b399e3db
Daniel Cashman 2016-12-17 01:08:24 +00:00 committed by android-build-merger
commit c21c4e3837
2 changed files with 1 additions and 22 deletions


@ -95,7 +95,6 @@ LOCAL_STATIC_LIBRARIES := \
libext4_utils_static \
libbase \
libc \
libsepol \
libselinux \
liblog \
libcrypto_utils \


@ -36,8 +36,6 @@
#include <sys/wait.h>
#include <unistd.h>
#include <cil/android.h>
#include <cil/cil.h>
#include <selinux/selinux.h>
#include <selinux/label.h>
#include <selinux/android.h>
@ -519,13 +517,6 @@ static int audit_callback(void *data, security_class_t /*cls*/, char *buf, size_
return 0;
}
/* policy is a combination of platform, non-platform and mapping policy files */
static constexpr const char* pol_files[] = {
"/plat_sepolicy.cil",
"/mapping_sepolicy.cil",
"/nonplat_sepolicy.cil" // TODO, switch to different partition when final.
};
static void selinux_initialize(bool in_kernel_domain) {
Timer t;
@ -534,24 +525,13 @@ static void selinux_initialize(bool in_kernel_domain) {
selinux_set_callback(SELINUX_CB_LOG, cb);
cb.func_audit = audit_callback;
selinux_set_callback(SELINUX_CB_AUDIT, cb);
cil_set_log_handler((void (*)(int, char*))selinux_klog_callback);
if (in_kernel_domain) {
void* pol_data = NULL;
size_t pol_len = 0;
LOG(INFO) << "Compiling SELinux policy...";
if (cil_android_compile_policy(&pol_data, &pol_len, pol_files,
arraysize(pol_files)) < 0) {
LOG(ERROR) << "failed to compile policy";
security_failure();
}
LOG(INFO) << "Loading SELinux policy...";
if (selinux_android_load_policy(pol_data, pol_len) < 0) {
if (selinux_android_load_policy() < 0) {
PLOG(ERROR) << "failed to load policy";
security_failure();
}
free(pol_data);
bool kernel_enforcing = (security_getenforce() == 1);
bool is_enforcing = selinux_is_enforcing();
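Review bot: At `bool kernel_enforcing = (security_getenforce() == 1);` a failed security_getenforce() (which returns -1) is folded into "not enforcing", so an error reading the kernel's enforce state cannot be told apart from permissive mode. The policy-load failure just above it is treated as fatal, so it would be consistent to check the result before the comparison, e.g. `int rc = security_getenforce(); if (rc < 0) { PLOG(ERROR) << "security_getenforce failed"; security_failure(); }`. selinux_initialize continues past the end of this hunk, so how kernel_enforcing is consumed is not visible here and should be confirmed against the rest of the function.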